Application stores are growing everywhere like mushrooms. While users have initially embraced application stores because of the ease they offer with application installation, developers have several complaints. Division of profits from paid application and ineffectiveness of the screening process are among the major issues. Are application stores the best distribution channel possible? Can they satisfy both developers and users?

Having to jailbreak is the primary point. With Idevices, it's not just an option toggle (Android) or easy easter-egg standard across all devices running the OS (Maemo). The fact that one must jailbreak the device and potentially repeatedly with a new method every OS update sucks.

In terms of android, perhaps rooting is different from adding third party repositories. In terms of rooting, that used to be a different method per Android version and hardware version combination if it's not still. The issue isn't just the ability to add third party repositories but the ability to have complete access to one's own purchased property. Android also suffers from poor repository management. I'd much rather see a two or three teer vetting process like Debian's unstable/testing/stable or Maemo's development/testing/production methods.

"if Android worked like most Linux distros do, each individual phone would have its own app store"

Currently, repositories differ by distribution not device they happen to be on. Debian repositories don't care if they are accessed from my server, desktop, notebook or MID. Ubuntu is a fork of Debian and had to provide it's own repositories. Mint is a fork of Debian and it had to provide it's own repositories. Mandriva does not draw on Red Hat's repositories. These are all separate distributions managed by different organizations and should indeed draw on repositories also managed by those organizations. If you want to work within the distribution, you work within it's repositories and organizational structure. There are very good reasons why that is.

Repositories are a defining and competitive attribute of the distribution. Customer service, product quality control, available software.. all there. Does the distro have good quality control (Debian's three stages) or is it less competitive on that aspect (Gentoo's IRC Server incident). Versions of programs are not the latest and greatest (Debian Stable), consider a distribution that provides more bleeding edge with resulting less stability (Ubuntu forked from Debian Testing/Unstable branches). Competitive or defining attributes are not foreign to any other product category either; cars, tooth paste.. all got them.

Now, if Android where like traditional Linux based distributions any vendor shipping uncorrupted Android would draw on Android repositories regardless of what hardware branding it's installed on. If a device is branded as an "Android device" it should be able to easily take Google's core distribution firmware through a standard flashing process; let manufacturers provide a small separate blob image for device specific drivers if they must. Really, they should be providing the drivers back to the core distribution's kernel but the add-on blob is an acceptable compromise for the moment.

Vendor's who must fork Android into there own one-off version, as has been sadly popular, should indeed be providing there own repositories. They fork the distribution away from the parent distro, they accept the responsibility of managing there own repositories and loss of use of the "Android" branding. It may actually work out in the end user's favor by adding another bit of motivation to stick with Google's parent distribution rather than go it alone for branding or malware purposes (like Motorola's logic bomb modification).

In my time, I've not really seen packages pulled from a repository under threat of lagall action. The only example I can really think of is probably a decade old when Red Hat stopped including the mp3 codec and similar multi-media related packaged (RH3'ish?). It made the distro more appropriate for business use and I found Mandrake which was more appropriate for home use.

There are still distributions that deliver limited or poorly managed repositories and that's what makes other distributions preferable choices. Ubuntu draws on Debian's testing/unstable branches and makes poor security related choices about default configurations so I use a distro that better supports my preferences for stability and strong security related defaults. Want a phenomenal set of "control panel" type utilities; Mandriva's draketools make it a very attractive new user distribution (hopefully they've improved on the overall distribution management or the Magea folks do better).

In short though, if Android was like traditional distributions, it would probably be much improved over the current mess of fragmentation caused by what should be separate fork distributions continuing to claim branding of the parent distribution while delivering one-off modified versions.

Repositories are a defining and competitive attribute of the distribution. Customer service, product quality control, available software.. all there.

IMHO, that's a pretty bad way to differentiate distros, and a pretty bad reason to have so many different ones. If we're going to play this game, I'd rather see 3 different distros with very solid repositories, rather than 900. Or better yet, how about 1 distro with 1 repository? One of the points made in the article is that having a single app store exposes a single point of failure, but if each distro has its own repository, how is this any different? Sure, maybe you can edit your apt.sources file and add in a couple more, but do you really want to explain to my mom how to do that?

Versions of programs are not the latest and greatest (Debian Stable), consider a distribution that provides more bleeding edge with resulting less stability (Ubuntu forked from Debian Testing/Unstable branches).

Yeah, good luck explaining that to the average iPhone owners. This kind of bullshit is EXACTLY why Linux on the desktop never gained any significant marketshare.

If a device is branded as an "Android device" it should be able to easily take Google's core distribution firmware through a standard flashing process; let manufacturers provide a small separate blob image for device specific drivers if they must. Really, they should be providing the drivers back to the core distribution's kernel but the add-on blob is an acceptable compromise for the moment.

Agreed 100%.

Vendor's who must fork Android into there own one-off version, as has been sadly popular, should indeed be providing there own repositories. They fork the distribution away from the parent distro, they accept the responsibility of managing there own repositories and loss of use of the "Android" branding.

That is the way it works now, in fact. If you deviate too far from 'the standard', you lose the ability to call your product Android, and you lose access to the Android marketplace. Of course, some people would argue that it doesn't go far enough, and I'm one of those people.

The thing to realize is that the distribution is the consumer product not the kernel it happens to be based on or any other separate commodity parts it happens to be assembled from. Debian, Windows, Ubuntu, Mint, Red Hat, osX; all separate distributions at the product level which the consumer interacts with. A shelf of parts and bolts is not a product usable by an average driver until it's assembled into a car.

(now, to see if I can figure out the formatting tags)

IMHO, that's a pretty bad way to differentiate distros, and a pretty bad reason to have so many different ones. If we're going to play this game, I'd rather see 3 different distros with very solid repositories, rather than 900. Or better yet, how about 1 distro with 1 repository? One of the points made in the article is that having a single app store exposes a single point of failure, but if each distro has its own repository, how is this any different? Sure, maybe you can edit your apt.sources file and add in a couple more, but do you really want to explain to my mom how to do that?

I'd agree if the repository was the only attribute that differentiated a distribution from other's. What I said was that it's an attribute; that indicates that it is among other differentiating attributes. For example, how the overall project is managed, what it's production goals are, the cosmetics of the resulting distribution and so on.

Any why is choice suddenly a bad thing when we talk about Linux based distributions? Somehow we manage to choose a toothpaste or breakfast cereal in-spite of having more than three or one choice on the store shelf. Mint should not be allowed to exist because it's production goals differ from Canonical's? Canonical should never have been allowed to exist because it has choices which differ from Debian's? Why on would we want different products within a category focusing on the different needs of different consumers.. that's just madness.

Regarding one point of failure, is the difference between a single repository for one distribution (App store) and separate repositories for separate distributions not obvious? Um, because they are separate products from separate organizations making separate decisions and one is not directly related or comparable too the other?

Let's imagine a world where all Linux based distributions must draw on a single repository:

- how are differences in default config and system layout by different distributions managed?

- how are different distributions able to try out different package formats and managers when all must adhere to a single repository?

- when one of Gentoo's package managers skipped checking the UnrealIRCd source code from a secondary server against the known good MD5 hash from the primary server before packaging it for Gentoo they affected the security of a single distribution. As of yet, I've not seen reports that any other production version of a major distribution was affected. One single repository would have introduced this vulnerability into all distributions. Welcome to Windows, where would you like your 'sploit to go today?

Should Ford's dealerships to sell and support Toyota's cars too? I mean, this multiple dealerships for multiple car manufacturer's is just nuts isn't it?

In terms of adding and removing additional repositories; again, it's something that depends on the distribution. Why do you have her self-managing a distribution focused on more advanced users? Why don't you simply add the repository entry for her by physical presence or through a quick ssh login?

Even still, Debian's sources.list file is pretty easy to update but there's nothing stopping Debian or anyone else from providing repositories in a way that automates the addition. Maemo does just this actually. Third party applications can add there own repository to the list with user consent. Repository entries can also be added as a simple file download. One website provides a list of repositories; select the ones you want by checkbox and have them all setup at once. Don't blame the repository system for how a distribution manages addition/removal of entries. (yet another way distributions differentiate)

Versions of programs are not the latest and greatest (Debian Stable), consider a distribution that provides more bleeding edge with resulting less stability (Ubuntu forked from Debian Testing/Unstable branches).

Yeah, good luck explaining that to the average iPhone owners. This kind of bullshit is EXACTLY why Linux on the desktop never gained any significant marketshare.

First, why is one explaining Debian's repository setup to an Iphone user? Is understanding osX setup now required for Windows users?

Second, Debian focuses on security and stability over having the latest immature software version number. The offer an opt-in for non-free code. How is that bullshit? Products should not value goals related to there target use? If having the latest version number is your preference; pick a distribution that markets itself on being bleeding edge. Go play with Fedora where instability is considered a feature.

I get stable and more secure but slightly older versions without imposing on your preference for the latest possible software version. You get the latest software version without imposing on my preference. We both get update patches. Because of multiple distributions and in some cases, multiple branches within a single distribution; we both win. Both our end user needs are covered; a feature of a healthy market with multiple products within a single category (ie. separate distributions providing there own repositories).

And here's the icing on top; I still get Firefox4 for my html5 requirements and the latest Metasploit with it's most up to date module additions. Both without having to decrease the stability of the rest of my system.

And this desktop market share you mention; would that be the one measured through retail channels which can only understate the true market share of Linux based distributions while overstating the Windows market share by counting Microsoft's licenses sold to stockpiles rather than actually active on end user owned machines? I thought we where talking about technically related attributes of the distribution repository model not retail market metrics.

That is the way it works now, ...

With Google's most recent announcement they've greatly reduced the scope within which a manufacturer can modify Android and still retain use of the brand name. I truly hope it has the desired affect of decreasing the fragmentation within it. It's a big step forward compared to the previous permitted scope of customization.

I'd like to see manufacturers feeding driver code back into the core Android image but can accept a driver bundle flashed in along side Google's firmware image.

I'd like to see more standardized settings management even while allowing different superficial layers for cosmetics. I hear the issue currently is a different way to talk a user through doing things on each different handset that may walk into an organization; sucks for IT support guys.

I'd like to see vendor specific "value add" crapware as an opt-in install rather than a default install the user must then opt-out of by unclean uninstall processes.

I think these things would improve the situation for Android users though my preference for having a more complete traditional distribution will probably keep me on Maemo and Meego provided future hardware is an upgrade from my N900. Stock Debian on a mobile device would probably trump all for me though; Same tool set on all my machines.. oh baby..